miranalmehrab/Smell-Investigator

Smell Spotter

This is a Visual Studio Code extension for detecting insecure coding practices in Python code. These insecure coding practices are also known as security smells. They can leave a software system open to exploitation and lead to security breaches. This tool was developed to help practitioners locate these smells in their code.

Investigated Smells

Bad File Permission
Command Injections
Cross-site scripting
Constructing SQL upon Input
Debug Set to True in Deployment
Exec Statement
Empty Password
Hard-coded Secrets
Hard-coded IP Address Binding
Hard-coded tmp Directory
Insecure Data Deserialization
Insecure Dynamic Code Execution
Ignore Except Block
Insecure YAML operation
No Certificate Validation
No Integrity Check
Use of HTTP without TLS
Use of assert Statement
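
What several of these smells look like in Python source, and how a static check can flag them from the syntax tree, is shown below. This is an added example, not code from the Smell Spotter extension; `find_smells`, `KEYWORD_SMELLS` and `SAMPLE` are hypothetical names, the sample input is constructed, and only a subset of the listed smells is covered.

```python
import ast

# Constructed sample input (not from the repository) containing listed smells.
SAMPLE = '''\
password = ""
app.run(debug=True)
try:
    exec(user_code)
except Exception:
    pass
assert user.is_admin
requests.get("http://example.test/pkg", verify=False)
cache = open("/tmp/cache.db", "w")
'''

# Keyword arguments whose constant value signals a smell (assumed mapping).
KEYWORD_SMELLS = {("debug", True): "Debug Set to True in Deployment",
                  ("verify", False): "No Certificate Validation"}

def find_smells(source):
    """Hypothetical detector: return sorted (line, smell) pairs for `source`."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assert):  # asserts are stripped under `python -O`
            found.append((node.lineno, "Use of assert Statement"))
        elif isinstance(node, ast.ExceptHandler):  # body only passes/continues
            if all(isinstance(s, (ast.Pass, ast.Continue)) for s in node.body):
                found.append((node.lineno, "Ignore Except Block"))
        elif isinstance(node, ast.Assign):  # password-like name bound to ""
            names = [t.id.lower() for t in node.targets if isinstance(t, ast.Name)]
            empty = isinstance(node.value, ast.Constant) and node.value.value == ""
            if empty and any(k in n for n in names for k in ("password", "pwd")):
                found.append((node.lineno, "Empty Password"))
        elif isinstance(node, ast.Call):
            if isinstance(node.func, ast.Name) and node.func.id == "exec":
                found.append((node.lineno, "Exec Statement"))
            for kw in node.keywords:
                if isinstance(kw.value, ast.Constant):
                    smell = KEYWORD_SMELLS.get((kw.arg, kw.value.value))
                    if smell:
                        found.append((node.lineno, smell))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if node.value.startswith("/tmp"):
                found.append((node.lineno, "Hard-coded tmp Directory"))
            elif node.value.startswith("http://"):
                found.append((node.lineno, "Use of HTTP without TLS"))
    return sorted(found)

if __name__ == "__main__":
    print(*find_smells(SAMPLE), sep="\n")
```

Because the check works on the parsed tree rather than on text, the same patterns inside comments or unrelated identifiers are not reported.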

Prerequisites

The following needs to be installed to run the software:

Python 3.8

Authors
